02-07-2013 03:42 AM
Hi all ,
below is cisco asa config for our customer end:
crypto ipsec transform-set chello-transform esp-aes-256 esp-sha-hmac
crypto ipsec security-association lifetime seconds 3600
crypto ipsec security-association lifetime kilobytes 4608000
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
What should i configure on checkpoint for first phase and second phase ?
Regards,
Suhail
02-07-2013 03:58 AM
In checkpoint VPN community, default setting for phase 1 is 86400 seconds so you're good there. Phase II default is 28,800 so you need to edit the parameter and change it to 3600. the rest is the same as cisco with the exception of the lifetime in kilobytes which CP does not have
Easy right?
02-07-2013 04:17 AM
its already set to 3600 by default , all i need to know is what shall i use in phase 1 : sha 1 , sha6 , 3des , aes 256
what shall i use in phase 2: sha 1 , sha6 , 3des , aes 256
Regards,
Suhail
02-07-2013 04:24 AM
both sides need to be identical. Whatever you set on the Cisco side, you do the same thing on Checkpoint R75 in the VPN community section
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: